pinging same host on the internet from two different LAN
stations
Marcel Braak
mbraak at xs4all.nl
Thu Jul 28 07:40:28 GMT 2005
Melameth, Daniel D. wrote:
>Pejman Moghadam wrote:
>
>
>>Melameth, Daniel D. wrote :
>>
>>
>>>FWIW, while I haven't looked into this in detail, it appears Windows
>>>clients always use the same ICMP ID--512...
>>>
>>>
>>I think this is right, beacuse of this state entry :
>>
>>self icmp 192.168.1.18:512 -> 1.2.3.4:512 -> 192.9.9.3:512 0:0
>>
>>but i have not any problem with windows clients when i use ipfw in
>>freebsd or even iptables in linux.
>>why same ICMP ID(512) is so important for PF? how can i deal with
>>that ?
>>
>>
>
>I don't know the specifics of any other these packet filters and haven't
>looked at any code, but I'd speculate that ipfw and iptables are
>proxying these ICMP IDs in some capacity similar to the way TCP ports
>are proxied and pf is just using the ICMP ID that is provided by the
>client.
>
>Then again, I could be very wrong.
>
>Danny
>
>
>
>
I have ran into this issue two days ago also.
We have a monitoring server that monitors a couple of server by sending
pings, and is informing me when a server isn't reachable by sending me a
sms.
But when an other hosts pings one of the servers the monitoring server
can't ping the server anymore and is sending me a sms.
In this case the server isn't down..
Before i had a linux/iptables firewall box that doesn't have this problem.
I hope there's a fix for PF cause i think this is a very anoying issue.
Marcel
More information about the freebsd-pf
mailing list